From a94ae64e353e1daba3bd06b9b2b59eca38d618e2 Mon Sep 17 00:00:00 2001 From: Sean Park-Ross <94021366+seanparkross@users.noreply.github.com> Date: Thu, 11 Aug 2022 15:09:58 +0200 Subject: [PATCH] Docs: Add admin secret info to authentication, queries, mutations, subscriptions section PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5396 GitOrigin-RevId: 05f6a8156ba5dc5e23edd4b9df71c08e929f38ca --- docs/docs/auth/authentication/index.mdx | 12 ++++++++++++ docs/docs/mutations/index.mdx | 5 +++++ docs/docs/queries/index.mdx | 4 ++++ docs/docs/subscriptions/index.mdx | 5 +++++ 4 files changed, 26 insertions(+) diff --git a/docs/docs/auth/authentication/index.mdx b/docs/docs/auth/authentication/index.mdx index 8d9b95421f0..7c0d5cf3cad 100644 --- a/docs/docs/auth/authentication/index.mdx +++ b/docs/docs/auth/authentication/index.mdx @@ -25,6 +25,9 @@ like `X-Hasura-User-Id`, to build permission rules. You can also configure Hasura to allow access to unauthenticated users by configuring a specific role which will be set for all unauthenticated requests. +For information about making requests using the Admin Secret header please +[see here](/auth/authentication/index.mdx#admin-secret-header). + ## Authentication options Hasura supports two modes of authentication configuration: @@ -59,3 +62,12 @@ Enterprise Grade Authorization - [Watch Webinar](https://hasura.io/events/webinar/authorization-modeling-hasura/?pg=docs&plcmt=body&cta=watch-webinar&tech=). ::: + +## Using the Admin Secret header {#admin-secret-header} + +Hasura will allow all queries, mutations and subscriptions when you include your `X-Hasura-Admin-Secret` header on +your request. If you also include the `X-Hasura-User-Id` and `X-Hasura-Role` headers along with the +`X-Hasura-Admin-Secret` header you can "pretend" to be that user and role. + +Without the `X-Hasura-Admin-Secret` header you will need to authenticate your requests as a user and role with one +of the options below. \ No newline at end of file diff --git a/docs/docs/mutations/index.mdx b/docs/docs/mutations/index.mdx index 0cb60eabb3c..0bae7454da6 100644 --- a/docs/docs/mutations/index.mdx +++ b/docs/docs/mutations/index.mdx @@ -19,6 +19,11 @@ Data of all tables in the database tracked by the GraphQL engine can be modified a tracked table in your database, its insert/update/delete mutation fields are added as nested fields under the `mutation_root` root level type. +## Authentication + +For information about authenticating your mutations see the [authentication section](/auth/authentication/index.mdx) +here. + ## Explore mutations - [Explore mutations with Postgres / Citus / Hyperscale](/mutations/postgres/index.mdx) diff --git a/docs/docs/queries/index.mdx b/docs/docs/queries/index.mdx index c3e3f6cdf23..b753669028e 100644 --- a/docs/docs/queries/index.mdx +++ b/docs/docs/queries/index.mdx @@ -19,6 +19,10 @@ generates a range of possible queries and operators that also work with relation All tables of the database tracked by the GraphQL engine can be queried over the GraphQL endpoint. If you have a tracked table in your database, its query field is added as a nested field under the `query_root` root level type. +## Authentication + +For information about authenticating your queries see the [authentication section](/auth/authentication/index.mdx) here. + ## Explore queries - [Explore queries with Postgres / Citus / Hyperscale](/queries/postgres/index.mdx) diff --git a/docs/docs/subscriptions/index.mdx b/docs/docs/subscriptions/index.mdx index 8ce15bbe19b..77eba33548f 100644 --- a/docs/docs/subscriptions/index.mdx +++ b/docs/docs/subscriptions/index.mdx @@ -24,6 +24,11 @@ for only one root field in a subscription. ::: +## Authentication + +For information about authenticating your subscriptions see the [authentication section](/auth/authentication/index.mdx) +here. + ## Explore subscriptions - [Explore subscriptions with Postgres / Citus / Hyperscale](/subscriptions/postgres/index.mdx)